Is Your Guardian Angel Tranquilized?

Whether or not you believe in guardian angles, believe in browser protection. So you know about the big breach at Yahoo. Are you protected against similar attacks?

This is the start of a new series called “What to ask your IT professionals.” This series will provide you, the busy executive, with quick and important questions to discuss with IT. This series empowers you, as an executive, to broach topics that don’t “come up” in ordinary conversation. The series addresses both security and best practices—and of course those two often go hand-in-hand already.

Here is what to ask your IT Professionals to help you protect your entire organization against “drive-by-download” attacks: “What security level is configured for the internet and for trusted web sites?”

Because web sites are one of the best ways for attackers to inject malicious software into your network, your users’ computers need as much protection as possible while still allowing them to effortlessly (effortlessly as related to their use of technology) do their jobs.

Modern browsers strive to make security settings easy and understandable by offering a few settings from which to choose. These are examples:

A really nice feature is that you can choose “High Security” by default and then make exceptions for specific sites that you trust.

When security is configured to high levels then, on occasion, users might receive a notice that “such and such web site is about to do a potentially bad thing. Is that okay with you?”

Though some won’t, every user who does heed the warning helps protect the security of your network.

Your IT Professionals know of strategies to reduce the number of “support calls” they would otherwise receive. Those strategies improve the users’ experience as well.

Too many IT security decisions are based upon the following notion: “Oh no! Will our users ever hear from their Guardian Angel? Let’s tranquilize her.” Because of this fear, by default from the manufacturer when the software is initially installed, most browsers use less-than-the-best security.

Ask your IT Professional to adjust, and at least discuss with you, the current settings on your organization’s browsers. The default security settings for untrusted sites are probably set too low.